Hackers Can Still Abuse WSUS, Security Pundits Show the Way

Hackers can still abuse insecurely configured corporate deployments of WSUS (Windows Server Update Services), security researchers say, as reported by scmagazineuk.com on August 6, 2015.

This kind of security breach was demonstrated at the Black Hat security conference in Las Vegas.

Insecure WSUS default settings, such as delivering updates over plain HTTP rather than SSL-encrypted HTTPS, make hacking easier. Researchers at Context Information Security (CIS) stated that hackers with only low-privileged access rights could set up phony updates that were installed automatically.

The updates would pull down malware, usually a Trojan, that would help establish admin access even if the username and password were false. Accordingly, any Windows computer that obtains updates from a WSUS server via a URL without HTTPS would be susceptible.

According to Paul Stone, Principal Consultant at Context, the case comes down to one simple configuration issue, scmagazineuk.com reported.

Stone explains that Microsoft doesn't implement Secure Sockets Layer (SSL) for WSUS but provides it as an option, which enterprises commonly adopt as an extra step in order to use HTTPS. Enterprises that don't enable the option, however, leave an opening for admin-level hijacking of the entire corporate network in just a single attempt.

Companies can find out whether they have the problem by examining their WSUS group policy settings, and whether individual PCs are vulnerable by examining the update URL: a URL without HTTPS means the PC is susceptible.
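The check described above, as an added example that is not from the article or from Context: a PowerShell script that reads the Windows Update client policy on one PC and flags a WSUS URL without HTTPS. `WUServer`, `WUStatusServer` and `UseWUServer` are the standard Windows Update policy registry values; the function name and the finding labels are chosen here for illustration.

```powershell
# Added example: audit the local WSUS client policy for an unencrypted update URL.
# The registry path is the standard Windows Update policy key, not taken from the article.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Hypothetical helper: classifies the policy values into one finding label.
function Get-WsusTransportFinding {
    param(
        [string]$WUServer,        # update server URL from policy, may be empty
        [string]$WUStatusServer,  # reporting server URL from policy, may be empty
        [int]$UseWUServer = 0     # 1 = client is instructed to use the WSUS server
    )
    if ([string]::IsNullOrWhiteSpace($WUServer)) {
        return 'NoWsusPolicy'             # client is not pointed at a WSUS server
    }
    if ($UseWUServer -ne 1) {
        return 'WsusConfiguredButUnused'  # URL is set, but the client ignores it
    }
    foreach ($url in @($WUServer, $WUStatusServer)) {
        if ([string]::IsNullOrWhiteSpace($url)) { continue }
        $uri = $null
        if (-not [Uri]::TryCreate($url.Trim(), [UriKind]::Absolute, [ref]$uri)) {
            return 'UnparseableUrl'       # e.g. a host name with no scheme
        }
        if ($uri.Scheme -ne 'https') {
            return 'VulnerableHttp'       # updates or reports travel unencrypted
        }
    }
    return 'Https'
}

# Missing keys yield $null, which the parameters coerce to '' and 0.
$wu = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$au = Get-ItemProperty -Path "$policyKey\AU" -ErrorAction SilentlyContinue

$findingArgs = @{
    WUServer       = $wu.WUServer
    WUStatusServer = $wu.WUStatusServer
    UseWUServer    = [int]$au.UseWUServer
}

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    WUServer       = $wu.WUServer
    WUStatusServer = $wu.WUStatusServer
    UseWUServer    = $au.UseWUServer
    Finding        = Get-WsusTransportFinding @findingArgs
}
```

A `VulnerableHttp` finding means the PC fetches updates over a URL without HTTPS, which is the condition the researchers describe as susceptible.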

Context's security investigators advised end-users to follow Microsoft's guidelines on using SSL with WSUS to safeguard their PCs, and indicated that Microsoft could implement additional 'defense-in-depth' mitigations for further protection.

According to Security Researcher Alex Chapman, who was also co-presenter of Context's Black Hat talk, protection could be increased by using a separate signing certificate to verify Windows updates, while Microsoft could digitally sign the update metadata to deter tampering, Cbronline.com reported on August 6, 2015.

Chapman added that signing the tags that carry the updates' key information with Microsoft's digital certificates would mean there is no need to establish trust between the WSUS server and the client.

» SPAMfighter News - 8/13/2015
